BlackBerry Torch 9800 - PGP keys

PGP keys

About PGP keys

If your email account uses a BlackBerry® Enterprise Server that supports this feature, you can download PGP® keys over the wireless network from a certificate server provided by your administrator. Depending on your organization, enrollment for a certificate might be required and might also occur automatically.

PGP keys allow you to send and receive PGP messages using your BlackBerry® device if you are already sending and receiving PGP messages on your computer.

PGP key basics

Download a PGP key from an LDAP-enabled server

If you use the PGP® Universal Server, you might not be able to download PGP keys from an LDAP-enabled server.
1. On the Home screen or in a folder, click the Options icon.
2. Click Security > Advanced Security Settings > PGP Keys.
3. Press the key > Fetch PGP Keys.
4. Specify the search criteria.
5. Press the key > Search.
6. Click a PGP key.
7. Click Add PGP Key to Key Store.

User Guide

Security

Download a personal PGP key from the PGP Universal Server

1. On the Home screen or in a folder, click the Options icon.
2. Click Security > PGP.
3. Press the key > Download Keys.

Download an updated PGP key from an LDAP-enabled server

1. On the Home screen or in a folder, click the Options icon.
2. Click Security > PGP.
3. Highlight a PGP® key.
4. Press the key > Fetch Updated PGP Key.

Import a certificate or PGP key that is saved on your device

1. On the Home screen or in a folder, click the Media icon or Files icon.
2. Find and highlight a certificate or PGP® key.
3. Press the key > Import Certificate or Import PGP Key.

To view the certificate or PGP key, press the key > Display Certificate or Display PGP Key.

Import a certificate or PGP key from a media card

1. On the Home screen or in a folder, click the Options icon.
2. Click Security > Advanced Security Settings > Certificates or PGP.
3. Press the key > Show Media Card Certificates or Show Media Card PGP Keys.

To view the certificate or PGP® key, press the key > Display Certificate or Display PGP Key.

View properties for a PGP key

1. On the Home screen or in a folder, click the Options icon.
2. Click Security > PGP.
3. Click a PGP® key.
4. Click View Subkey.

PGP key properties

Property: Description

Revocation Status: This field displays the revocation status of the PGP® key at a specified date and time.

Trust Status: This field displays the trust status of the PGP key. A PGP key can be explicitly trusted (the PGP key itself is trusted), implicitly trusted (the PGP key is associated with a private key on your BlackBerry® device), or not trusted (the PGP key is not explicitly trusted and is not associated with a trusted PGP key on your device, and a chain of digital signatures to a trusted key does not exist).

Creation Date: This field displays the date that the PGP® Universal Server generated the PGP key.

Expiration Date: This field displays the date that the PGP Universal Server specified as the expiration date of the PGP key.

Email Address: This field displays the email address that is associated with the PGP key. Multiple Email Address fields might appear.

Public Key Type: This field displays the standard to which the public key complies. Your device supports RSA®, DSA, and Diffie-Hellman keys.

Key Usage: This field displays approved uses of the PGP key.

Fingerprint: This field displays the PGP key fingerprint in hexadecimal format.
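
The three cases in the Trust Status description can be modeled as a small decision procedure. This is an added example, not BlackBerry code: the function name, the key labels, and the "trusted by signature chain" label are hypothetical, and it assumes that both explicitly and implicitly trusted keys count as chain endpoints and that every recorded signature is valid.

```python
from collections import deque


def trust_status(key_id, explicit, private_keys, signed_by):
    """Classify key_id using the cases in the Trust Status description.

    explicit     -- key IDs the user marked as trusted
    private_keys -- key IDs that have a private key on the device
    signed_by    -- dict: key ID -> set of key IDs that signed it
    """
    if key_id in explicit:
        return "explicitly trusted"
    if key_id in private_keys:
        return "implicitly trusted"
    # Breadth-first walk along signatures, looking for a trusted signer.
    anchors = explicit | private_keys  # assumption: both kinds end a chain
    seen, queue = {key_id}, deque([key_id])
    while queue:
        for signer in signed_by.get(queue.popleft(), ()):
            if signer in anchors:
                # Hypothetical label; the page names no status for this case.
                return "trusted by signature chain"
            if signer not in seen:  # guards against signature loops
                seen.add(signer)
                queue.append(signer)
    return "not trusted"


# Constructed key store: short labels stand in for key IDs.
EXPLICIT = {"ca"}
PRIVATE = {"me"}
SIGNED_BY = {
    "alice": {"ca"},     # signed directly by an explicitly trusted key
    "bob": {"alice"},    # two-step chain: bob <- alice <- ca
    "carol": {"me"},     # signed by the device owner's own key
    "mallory": {"eve"},  # signature loop with no trusted signer
    "eve": {"mallory"},
}

if __name__ == "__main__":
    for key in ("ca", "me", "alice", "bob", "carol", "mallory", "stranger"):
        print(key, "->", trust_status(key, EXPLICIT, PRIVATE, SIGNED_BY))
```

A key that only signs itself or sits in a signature loop stays "not trusted", which is why the walk tracks the keys it has already visited.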

Send a PGP key

When you send a PGP® key, your BlackBerry® device sends the public key, but does not send the corresponding private key.
1. On the Home screen or in a folder, click the Options icon.
2. Click Security > PGP.
3. Highlight a PGP key.
4. Press the key > Send via Email or Send via PIN.

Delete a PGP key

1. On the Home screen or in a folder, click the Options icon.
2. Click Security > PGP.
3. Highlight a PGP® key.
4. Press the key > Delete.

Clear the PGP data cache

The PGP® data cache contains cached PGP public keys and the PGP® Universal Server policy that your BlackBerry® device
downloads from the PGP Universal Server.

1. On the Home screen or in a folder, click the Options icon.
2. Click Security > PGP.

3. Press the key > Clear Universal Cache.

The next time that you send a PGP protected message, your device downloads an updated PGP Universal Server policy and
updated PGP public keys from the PGP Universal Server.

PGP key status

PGP key status indicators

Indicator: Description

The PGP® key has a corresponding private key that is stored on your BlackBerry® device.

The PGP key is trusted and valid, and the revocation status of the PGP key is good.

The revocation status of the PGP key is unknown or the key is weak.

The PGP key is untrusted, revoked, expired, not valid, or cannot be verified.

Check the revocation status of a PGP key

1. On the Home screen or in a folder, click the Options icon.
2. Click Security > PGP.
3. Highlight a PGP® key.
4. Press the key > Fetch Status.

Change the trust status of a PGP key

1. On the Home screen or in a folder, click the Options icon.
2. Click Security > PGP.
3. Highlight a PGP® key.
4. Press the key > Trust or Distrust.

Revoke a PGP key

If you revoke a PGP® key, the PGP key is revoked only in the key store on your BlackBerry® device. Your device does not update
the revocation status on the PGP® Universal Server.
1. On the Home screen or in a folder, click the Options icon.
2. Click Security > PGP.
3. Highlight a PGP® key.
4. Press the key > Revoke > Yes.

5. Change the Reason field.
6. Click OK.

PGP key revocation reasons

Reason: Description

Unknown: The revocation reason does not match any of the predefined reasons.

Superseded: A new PGP® key is replacing an existing PGP key.

Key Compromise: A person who is not the key subject might have discovered the private key value.

Key Retired: The PGP key is no longer used.

User ID Invalid: The user information for the PGP key is not valid.

PGP key options

Change the display name for a PGP key

1. On the Home screen or in a folder, click the Options icon.
2. Click Security > PGP.
3. Highlight a PGP® key.
4. Press the key > Change Label.

5. Type a display name for the PGP key.
6. Click OK.

Turn off the display name prompt that appears when you add a PGP key to the key store

1. On the Home screen or in a folder, click the Options icon.
2. Click Security > PGP.
3. Press the key > Fetch PGP Keys.
4. Press the key > Options.
5. Change the Prompt for Label field to No.
6. Press the key > Save.

When you add a PGP® key, your BlackBerry® device uses the name that the PGP® Universal Server set for the key when it
generated the key.

Turn off the fetch status prompt that appears when you add a PGP key to the key store

1. On the Home screen or in a folder, click the Options icon.
2. Click Security > PGP.
3. Press the key > Fetch PGP Keys.
4. Press the key > Options.
   • To download the revocation status of a PGP® key when you add it to the key store, change the Fetch Status field to Yes.
   • To add a PGP key to the key store without downloading the revocation status, change the Fetch Status field to No.
5. Press the key > Save.

PGP key shortcuts

View the label of a PGP® key

Press the Space key.

View the properties of a PGP key

Press the key.

View the security level of a PGP private key

Press the Alt key and L.

View personal PGP keys

Press the Alt key and P.

View PGP keys for other people

Press the Alt key and O.

View all PGP keys

Press the Alt key and A.

Troubleshooting: PGP keys

I cannot download a PGP key from an LDAP-enabled server

Try the following actions:

• Verify that your organization permits you to download PGP® keys from an LDAP-enabled server. For more information, contact your administrator.

• If you changed the connection type that your BlackBerry® device uses to connect to an LDAP-enabled server, try using the default connection type.